VDB
CVE-2021-2149
CVE-2021-2149
PUBLISHED
CVSS 2.5 LOW
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
EPSS 0.12% · 30.8th percentile
Risk Scores
CVSS 3.1
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.12%
30.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | zfs_storage_appliance | 8.8 |
| Oracle Corporation | Sun ZFS Storage Appliance Kit (AK) Software | 8.8 |
Exploit Intelligence
- https://www.oracle.com/security-alerts/cpuapr2021.html (circl)
- guids_only.yara (github-yara)
- guids_only.yara (github-yara)
- guids_only.yara (github-yara)
- guids_only.yara (github-yara)
- Black-Basta.yar (github-yara)
- Black-Basta.yar (github-yara)
- Black-Basta.yar (github-yara)
- Black-Basta.yar (github-yara)
- Zerologon.yar (github-yara)
…and 7 more exploits
Timeline
- Sep 17, 2020 PoC Published
- Oct 3, 2020 PoC Published
- Apr 21, 2021 CVE Published
- Apr 27, 2021 EPSS Score
- Jun 30, 2021 EPSS Score
- Sep 1, 2021 EPSS Score
- Nov 2, 2021 EPSS Score
- Jan 3, 2022 EPSS Score
- Mar 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 8, 2022 EPSS Score
- Jul 9, 2022 EPSS Score